Fedora has issued an advisory on December 9:
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MCUENJQNHVYLROFSXJPDPPHHAYFYM3Z2/

Mageia 5 and Mageia 6 are also affected.
Whiteboard: (none) => MGA6TOO, MGA5TOO
Patch applied to the new cauldron package. mga6 and mga5 remaining.
Whiteboard: MGA6TOO, MGA5TOO => MGA5TOO
Version: Cauldron => 6
Updated packages provided for mga6 and mga5. Assigning to QA.
Assignee: shlomif => qa-bugs
Status: NEW => ASSIGNED
(In reply to Shlomi Fish from comment #2)
> Updated packages provided for mga6 and mga5.

Where? Nothing shows up on pkgsubmit.
Assignee: qa-bugs => shlomif
CC: (none) => qa-bugs
(In reply to David Walser from comment #3)
> (In reply to Shlomi Fish from comment #2)
> > Updated packages provided for mga6 and mga5.
>
> Where? Nothing shows up on pkgsubmit.

See the updates_testing - http://mirror.math.princeton.edu/pub/mageia/distrib/6/x86_64/media/core/updates_testing/
Advisory:
========================

Updated transfig package fixes security vulnerability:

An out-of-bounds read flaw was found in the way fig2dev program in Xfig handled the processing of Fig format files. This flaw could potentially be used to crash the fig2dev program by tricking it into processing specially crafted Fig format files (CVE-2017-16899).

References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-16899
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/MCUENJQNHVYLROFSXJPDPPHHAYFYM3Z2/
========================

Updated packages in core/updates_testing:
========================
transfig-3.2.5d-8.1.mga5
transfig-3.2.5d-9.1.mga6

from SRPMS:
transfig-3.2.5d-8.1.mga5.src.rpm
transfig-3.2.5d-9.1.mga6.src.rpm
CC: qa-bugs => shlomif
Assignee: shlomif => qa-bugs
Mageia 5 :: x86_64

POC at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881143

$ fig2dev -L tikz transfig.poc
Unknown graphics language tikz
Known languages are:
box cgm eepic eepicemu emf epic eps gbx ge gif ibmgl dxf jpeg latex map mf mmp mp pcx pdf pdftex pdftex_t pic pictex png ppm ps pstex pstex_t pstricks ptk shape sld svg textyl tiff tk tpic xbm xpm

Updated the package.

$ fig2dev -L tikz transfig.poc
< same message as before >

So not a lot of use. In the author's test a segfault occurred before the update.

To test this I tried out xfig to see what the interface looked like. It is a drawing tool much like any other. Experimented a bit then found a file shape.fig on the system and opened it in xfig. Used fig2dev to transform it to a GIF.

$ fig2dev -L gif shape.fig > shape.gif

Used the Mate image viewer eom to display the GIF file and confirmed that it was a copy of the drawing shown by xfig.

This should be enough to show that the package works in Mageia 5 for 64 bits.
Whiteboard: MGA5TOO => MGA5TOO MGA5-64-OK
CC: (none) => tarazed25
POC at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=881143

Updated the package. No useful information obtained from running the POC.

Installed xfig and created a line drawing with circles and rectangles and saved that to new.fig then converted it to a GIF file.

$ fig2dev -L gif new.fig > new.gif

The GIF displayed correctly.

Processed a file from the system:

$ fig2dev -L eps shape.fig > shape.ps
$ gs shape.ps

showed an embedded postscript version of the original drawing.

$ less shape.ps
%!PS-Adobe-3.0 EPSF-3.0
%%Title: shape.fig
%%Creator: fig2dev Version 3.2 Patchlevel 5d
%%CreationDate: Fri Dec 22 23:20:03 2017
%%For: lcl@belexeuli (Len Lawrence)
%%BoundingBox: 0 0 576 265
%Magnification: 1.0000
%%EndComments
%%BeginProlog
/$F2psDict 200 dict def
$F2psDict begin
$F2psDict /mtrx matrix put
/col-1 {0 setgray} bind def
/col0 {0.000 0.000 0.000 srgb} bind def
...................

Good for mga6 on x86_64
Whiteboard: MGA5TOO MGA5-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK
Mageia 6 :: i586 on vbox.

Installed xfig and copied shape.fig from the host. Updated transfig.

$ fig2dev -L png shape.fig > shape.png

That produced an empty file. The same when using a test file generated from xfig.

Tried

$ fig2dev -L xpm test1.fig > test1.xpm

The resulting image appeared to lack the outer rectangle but this may have been used to define the boundary of the image. A jpeg conversion failed. These are probably not regressions but the point does need to be checked.

(Later)

$ fig2dev -L tiff test1.fig > test1.tif
I/O Error: Output File "-" must be seekable
GPL Ghostscript 9.22: Unrecoverable error, exit code 1
Error in ghostcript command
command was: gs -q -dBATCH -dSAFER -sDEVICE=tiff24nc -r80 -g582x422 -sOutputFile=- /tmp/xfig024549.tmpeps > /dev/null < /dev/null

$ fig2dev -L eps shape.fig > shape.ps

That worked and gs could display the postscript file.

$ fig2dev -L svg shape.fig > shape.svg
$ display shape.svg

No problem there.

$ fig2dev -L tk shape.fig > shape
$ wish shape

The shape file is pure tcl code and displays the original image perfectly.

It looks as if this update works but the OK should be withheld until the failure points have been investigated in the pre-update version.
Mageia 5 :: i586 in vbox

Installed xfig. Checked transfig before updating. Vector graphics and script type conversions work for fig2dev but JPEG, PNG and TIFF do not, so the earlier comment about no regressions is vindicated.

Updated transfig and tried similar tests to those in comment 8.

$ fig2dev -L tk shape.fig > shape.tcl
Warning: stick arrows do not work well in Tk.
Warning: stick arrows do not work well in Tk.
Warning: stick arrows do not work well in Tk.
Warning: stick arrows do not work well in Tk.
Warning: stick arrows do not work well in Tk.
Warning: stick arrows do not work well in Tk.
$ fig2dev -L eps shape.fig > shape.ps
$ fig2dev -L xpm shape.fig > shape.xpm
$ fig2dev -L gif shape.fig > shape.gif
$ fig2dev -L svg shape.fig > shape.svg

All resulting images displayed properly using wish, gs, display or eom.

Both 32-bit tests are fine. Validating the transfig update.
Keywords: (none) => validated_update
Whiteboard: MGA5TOO MGA5-64-OK MGA6-64-OK => MGA5TOO MGA5-64-OK MGA6-64-OK MGA5-32-OK MGA6-32-OK
CC: (none) => sysadmin-bugs
advisory added
Keywords: (none) => advisory
CC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository.
https://advisories.mageia.org/MGASA-2017-0469.html
Status: ASSIGNED => RESOLVED
Resolution: (none) => FIXED